WHAT IS CLAIMED IS: 



1 1 . In a public key encryption system, a method for selecting a current 

2 secret key to be used to encrypt a message, the method comprising: 

3 determining whether a new secret key is required; 

4 if a new secret key is required: 

5 generating the new secret key; 

6 generating a new encrypted secret key by encrypting the new secret 

7 key using a public key associated with a recipient of the message; 

8 storing in a local data store the new secret key as a reusable secret key, 

9 the new encrypted secret key as a corresponding reusable encrypted secret key, and counter 
S=Q data associated with the reusable secret key; and 

ft selecting as the current secret key the new secret key; and 

ft if a new secret key is not required: 

13 retrieving from the local data store a reusable secret key and the 

B corresponding reusable encrypted secret key; 

15 updating the counter data associated with the reusable secret key in the 

f§ local data store; and 

Uf selecting as the current secret key the reusable secret key. 

H 2. The method of claim 1, further comprising storing in the local data 

2 store state information associated with a cryptographic algorithm in which the reusable secret 

3 key is applied. 

1 3 . The method of claim 1 , wherein determining whether a new secret key 

2 is required comprises: 

3 determining whether a previous message has been sent to the recipient; 

4 if a previous message has not been sent to the recipient, determining that a 

5 new secret key is required; and 

6 if a previous message has been sent to the recipient: 

7 retrieving the counter data from the local data store; and 

8 comparing the counter data to a reuse criterion; 

9 if the counter data satisfies the reuse criterion, determining that a new 

1 0 secret key is not required; and 
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if the counter data fails to satisfy the reuse criterion, determining that a 
new secret key is required. 



1 4. The method of claim 3, wherein the reuse criterion comprises a 

2 maximum number of messages and the counter data comprises a cumulative number of 

3 messages previously sent using the reusable secret key. 

1 5 . The method of claim 3 , wherein the reuse criterion comprises a 

2 maximum number of bytes of message data and the counter data comprises a cumulative 

3 number of bytes of message data previously sent using the reusable secret key. 

1 6. The method of claim 3, wherein the reuse criterion comprises a 

j=2 maximum amount of elapsed time and the counter data comprises an amount of elapsed time 

f3 since the reusable secret key was generated. 

=H 7- The method of claim 1, further comprising: 

encrypting the message using the current secret key; and 

P sending the encrypted message and the encrypted secret key. 

M, 

jj* 8. In a public key enveloping system, a method of decrypting a received 

4 message comprising: 

2 extracting an encrypted secret key from the received message; 

4 determining whether the encrypted secret key was previously decrypted; 

5 if the encrypted secret key was not previously decrypted: 

6 decrypting the encrypted secret key; and 

storing the encrypted secret key and the decrypted secret key in a local 

8 data store; 

9 if tne encrypted secret key was previously decrypted, retrieving the decrypted 

1 0 secret key from the local data store; and 

1 1 decrypting the message using the decrypted secret key. 

1 9. The method of claim 8, wherein determining whether the encrypted 

2 secret key was previously decrypted comprises: 

3 searching for the encrypted secret key in the local data store; 

4 if the encrypted secret key is found in the local data store, determining that the 

5 encrypted secret key was previously decrypted; and 
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if the encrypted secret key is not found in the local data store, determining that 
the encrypted secret key was not previously decrypted. 
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